Re: Multiple VPN connections from behind a NAT - Netgear and Linksys routers

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: Gordon Fecyk (gordonf_at_pan-am.ca)
Date: 04/25/04 

Date: Sat, 24 Apr 2004 21:55:21 -0500

> I have a Netgear router at home and my home network is behind the NAT
> network provided by this router. I connect from this home network to
> work using Windows XP's built in VPN software. What I am finding is
> that if two client machines from my home network start VPN tunnels to
> outside, only one of them works. The other one does not. A single VPN
> tunnel works perfectly.

The Linksys Etherfast routers seem to have problems with more than one PPTP
connection to the _same PPTP server_, as it seems the router doesn't know
how to tell the difference between packets from one PPTP client and from the
other. Or maybe it's the server that can't tell the difference because it's
ignoring other tokens placed in the IP packets by the NAT router. All the
server sees, after all, is GRE (Protocol 47) packets coming from some IP
address, but it's the IP address of the router and not the stations behind
it.

If I need to use a scenario like this, I tend to jump from Linksys right to
Snapgear, and have the Snapgear router perform the PPTP connection instead
of the stations behind it. Snapgear can NAT the PPTP connection so you
don't need to route a network back to the Snapgear, but Win2K and Win2K3
Server PPTP supports that if you want. 

-- 
PGP key (0x0AFA039E): <http://www.pan-am.ca/consulting@pan-am.ca.asc>
What's a PGP Key?  See <http://www.pan-am.ca/free.html>
GOD BLESS AMER, er, THE INTERNET. <http://vmyths.com/rant.cfm?id=401&page=4>

Relevant Pages

  • Re: PPTP VPN using MPD behind NAT help needed
    ... Because PPTP encapsulates PPP ... Some router conqurs this problem by simply "passing ... Pass Through") assuming there is only one PPTP client behind NAT. ... which is capable of handling GRE over NAT with many clients. ...
    (freebsd-net)
  • Re: PF and NAT on FreeBSD 5.3
    ... > I'm trying to setup a PF with NAT for my home network. ... > I have a ADSL router which works in bridged mode. ... which I'd like it to do NAT using PF. ... Karol Kwiatkowski <freebsd at orchid dot homeunix dot org> ...
    (freebsd-questions)
  • NAT vs. Personal Firewall
    ... I have a cable modem and a home network using filesharing. ... Or would a router that does stateful packet inspection ... as well as NAT be better? ... I'm aware that a personal firewall will help me identify trojans on my ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Cisco PIX behind NAT
    ... PPTP will fail when using NAT and hang at the point that you mention unless ... the Aztech router has an option to specifically support PPTP NAT Traversal. ... > I have a Cisco PIX and a Aztech DSL router. ...
    (comp.dcom.sys.cisco)
  • PF and NAT on FreeBSD 5.3
    ... I'm trying to setup a PF with NAT for my home network. ... I have a ADSL router which works in bridged mode. ... pass out on $ext_if proto tcp all modulate state flags S/SA ...
    (freebsd-questions)